site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com For example: Cheers, -- Jacques On Jun 19, 2009, at 1:24 AM, evaluador evaluador wrote: Hello, _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... You can accomplish your example by using Sandbox in Leopard and later releases. It provides a flexible mechanism for defining what operating system resources a process may or may not obtain. Unfortunately, that mechanism is not API, and may change from release to release. $ wc /private/etc/profile 9 30 189 /private/etc/profile $ sandbox-exec -p '(version 1) (allow default) (deny file-read* file- write* (regex #"^/private/etc/p"))' zsh $ wc /private/etc/profile wc: /private/etc/profile: open: Permission denied You can see a few other example Sandbox definitions in /usr/share/ sandbox. I want to implement a kauth filter based on regular expression filename matching. I would like to, for example, deny open to "/etc/ p*". How could I implement this from kernel without having to parse the mask myself? _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/nectar %40apple.com This email sent to nectar@apple.com This email sent to site_archiver@lists.apple.com